<?php

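// Report only E_ERROR | E_WARNING | E_PARSE (bitmask 7); notices stay hidden.
error_reporting(7);

// Pick the requested action: a non-empty POST value wins, otherwise fall back
// to the query string. The array keys are quoted string literals; the bareword
// form ($_POST[action]) relied on PHP's undefined-constant fallback, which
// raises a fatal Error on PHP 8 and would also silently change meaning if a
// constant named "action" were ever defined.
if (!empty($_POST['action'])) {
	$action = $_POST['action'];
} else {
	$action = isset($_GET['action']) ? $_GET['action'] : '';
}

// No action supplied: default to showing the edit form. $action is
// request-controlled, so it must only be compared against fixed literals and
// never used to build a file name or a query.
if (empty($action)) {
	$action = "edit";
}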

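// Default action: render the change-password form.
if ($action=="edit") {
	// Set before common.php is loaded; presumably common.php reads it to build
	// $tpl - confirm against common.php.
	$template_name = "password_edit.htm";
	require "common.php";
	// START permission check
	if (!$perm->check_permission(MISC, MISC_EDIT_PASSWORD)) {
		display_nopermission();
		// display_nopermission() is defined outside this file and presumably
		// ends the request itself. Stop here regardless, so the form is never
		// rendered for an unauthorised admin if the helper ever returns.
		exit;
	}
	// END permission check
	$tpl->output();
	require "footer.php";
}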

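// Handle the change-password form submission. Only a POSTed action=update
// reaches this branch; the GET fallback used for $action is not honoured here.
// Array keys are quoted: the bareword form is a fatal Error on PHP 8.
if (isset($_POST['action']) && $_POST['action']==="update") {
	require "common.php";
	// START permission check
	if (!$perm->check_permission(MISC, MISC_EDIT_PASSWORD)) {
		display_nopermission();
		// The helper is defined elsewhere and presumably terminates; exit
		// explicitly so the update below can never run without permission.
		exit;
	}
	// END permission check

	// The account being changed is always the logged-in admin from the
	// session, never an id taken from the request.
	$adminid = isset($_SESSION['admininfo']['adminid']) ? $_SESSION['admininfo']['adminid'] : '';

	// Non-string input (e.g. old_password[]=x) is treated as an empty password
	// instead of being passed to md5().
	$submitted_old = (isset($_POST['old_password']) && is_string($_POST['old_password']))
		? $_POST['old_password']
		: '';

	// NOTE(review): unsalted MD5 is not a password-hashing function. Moving to
	// password_hash()/password_verify() needs a matching change in the login
	// code, which is not visible here, so the stored format is left as it is.
	$old_password = md5($submitted_old);

	// NOTE(review): the session value is concatenated into the SQL text. It is
	// server-side state, but if the $DB wrapper offers parameter binding or an
	// escaping helper, use it here and in the UPDATE below.
	$checkpassword = $DB->query_first("SELECT * FROM admins
						WHERE adminid='".$adminid."'");

	// A missing row yields an empty stored hash, which can never match.
	$stored_hash = isset($checkpassword['password']) ? (string) $checkpassword['password'] : '';

	// Strict comparison: with != two different hex digests that both look like
	// numbers in exponent notation ("0e" followed by digits) compare as equal,
	// which would accept a wrong old password.
	if ($old_password !== $stored_hash) {
		display_error("旧密码无效！");
		exit; // fail closed even if display_error() returns
	}

	$new_password = (isset($_POST['new_password']) && is_string($_POST['new_password']))
		? trim($_POST['new_password'])
		: '';
	$confirm_new_password = (isset($_POST['confirm_new_password']) && is_string($_POST['confirm_new_password']))
		? trim($_POST['confirm_new_password'])
		: '';

	if ($new_password === '') {
		display_error("新密码不能为空！");
		exit;
	}
	// Strict comparison: with != numeric-looking strings such as "1e3" and
	// "1000" count as equal, so a mistyped confirmation could slip through.
	if ($new_password !== $confirm_new_password) {
		display_error("两次所输入的密码不一，请重新输入！");
		exit;
	}

	// md5() output is hexadecimal only, so the new hash itself cannot break out
	// of the quoted SQL literal.
	$DB->query("UPDATE admins SET
                        password='".md5($new_password)."'
                        WHERE adminid='".$adminid."'");

	// display_error() is also used to show the success message.
	display_error("密码修改已成功！");

}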
?>
